ASVS Requirement 4.2.3

• Level: 3
• Chapter: V4 API and Web Service
• Section: V4.2 HTTP Message Structure Validation
• Source: 0x13-V4-API-and-Web-Service.md

Description

Verify that the application does not send nor accept HTTP/2 or HTTP/3 messages with connection-specific header fields such as Transfer-Encoding to prevent response splitting and header injection attacks.